Car Hacking: NXP Pushes Flexible Security

MADISON, Wis. — Talking about the vulnerabilities of the electronics in automobiles is a risky business.

On one hand, as long as the auto industry hasn't yet experienced any real-life disasters as a result of car hacking, why even bring it up? Such talk starts to sound like "fear-mongering."

On the other hand, automotive security is a relatively new issue even for many people working in the industry -- chip suppliers, module developers, and, of course, the car makers. While reliability has always been high on vendors' minds, car security has hung below the radar for a long time. For decades, cars weren't as interconnected with the external world as they are now.

But over the last few years the mindset of the automotive industry has changed.

For Dirk Besenbruch, engineer, group leader of Systems & Applications, Automotive, at NXP Semiconductors, a turning point (triggering his work on NXP's automotive security solutions) came when he read a 2011 paper, written by researchers at the University of Washington and the University of California at San Diego, commonly known among experts as the "Savage" paper. Stefan Savage of UC San Diego was an author of the paper, which detailed experimental analyses of automotive attack surfaces.

To be clear, the automotive industry didn't entirely dismiss the issue of risks interconnected cars might face. Nor did they stand still.

Several automotive companies, including BMW and Audi, have gotten together to develop a spec called SHE (Secure Hardware Extension). SHE offers protocols for secure communication among different modules inside the car, explained Richard Soja, a distinguished member of Freescale Semiconductor's technical staff. Soja is responsible for the company's 32-bit automotive SoC architecture.

More than a few players also worked on the development of EVITA (E-Safety Vehicle Intrusion Protected Applications, somehow), an EU-sponsored project, to create "a set of guidelines to allow manufacturers to satisfy security features," Soja told us. The EVITA project was completed at the end of 2011.

It might be a while, though, before an appreciable number of cars with newly minted security features hit the road, especially considering the lengthy (about five years) development cycle of a car.

Still, automotive security is a boon for semiconductor companies. It affords an opportunity to demonstrate security expertise, pitch the idea to add secure elements to cars, or even convince carmakers to replace current MCUs with completely new secure SoCs.

NXP early on realized that automotive security could benefit from the company's experience and expertise in developing a "secure element" -- successfully deployed in millions of smartcards. NXP's Besenbruch says his company's approach to automotive security is to leverage that "field-proven" smartcard knowledge, and offer "separated secure elements."

NXP's approach creates a clear contrast to the strategy some competitors -- to wit, Infineon -- are pursuing. Infineon is redesigning the entire MCU to create embedded secure modules. While an embedded secure module might be a good solution for high-end cars, "changing micro [in its entirety] means getting locked into a certain type of MCU," argues Besenbruch.

NXP, in contrast, hopes to sell the flexibility of its separated secure element approach. Considering lifecycles and reliability demanded in the automotive industry, NXP believes its flexible approach can give auto companies more options to get started with protections against certain attacks sooner.

There are two talks coming up at DEFCon 21 and BlackHAT in the next couple weeks on car hacking. Both should really help to get people understanding the risks and possibilities in this area and why addressing security should be as important as it is for all other control systems.

I ran across this short YouTube video published recently by one of the speakers, he demos control of steering:

I am not so sure that I am comfortable with a trust element buried deep inside the car. Personally, I would prefer to have it accessible and removable or even remotely accessed. A paradigm where my authorizations were in my cell phone might even be attractive. Yes, it opens up other issues, but at least I can loan or sell my car without worrying about giving away my credit card numbers in the process.

At a minimum it needs two-factor authentication. Biometric identification built into the car could be useful along those lines, given that cars gain from personalization anyway. There also needs to be secure wipe and authorization lock in the system.

Thanks for this article, but I think it is a neat idea to start talking about auto security. Why do we always have to experience any real-life disasters as a result of car hacking? Yes, we need to keep in mind the Edwards Deming Theory, try to get things right the first time.

The article very nicely discusses the security requirement, and the electronic component manufacturing companies are also trying hard to implement better security. But equally, on the other side, it is turning out that the customers will have to be dependent only on the OEMs. The entire business of spares will be getting centred around Original Manufacturers. This also leads to unavailability of the parts in distant regions globally.

Okay, I concede. Interesting paper. I don't think car thieves would have the ability to do the reverse engineering that you did and I don't think engineers would sell that information to the thieves, so we are relatively safe. I expect the automotive manufacturers to take notice and improve their security. Thank you for the education.